On Mon, 5 Jun 2000, Tim Haynes wrote: > On Mon, Jun 05, 2000 at 01:33:33PM +0000, Nick Phillips wrote: > > Michael Stone wrote: > > > > > And I still think this is a stupid reason for us to be allowing a security > > > problem to sit around--how many people run dns servers on machines with > > > dynamic addresses? > > > > Loads. How many people use IP masq to let their bunch of Win98 clients share > > their net connection? How many ISPs give static IPs? QED. > > > > It should probably be an install-time option. > > Erm... 'usepeerdns' and stuff... > > Another thought to throw into the fray.. What was that package that asks you > for your local & external interfaces, then goes and ballses up a default > firewall for you? ... Maybe some integration there could be fun. > > How many people wanting to run bind need it listening on their ppp0 interface, > which comes & goes merrily with dialups, rather than their eth0s and let the > outgoing forwarded requests get masqueraded? > > Just my $0.01.. > > ~Tim
You got it exactly right, there is no reason why anyone should be listening on a dynamic IP address. If it's gonna change so much, then how will people be able to find it ? If it's about DHCP, then 'just' start that first before you startup bind. Does DHCP also have something like a ppp-up script ? I think you can specify that right ? There is _no_ reason why any1 should do a DNS query on a PPP dialup. If someone really needs it (static IP over ppp ?), make it so in ppp-up (restart bind ? or is reload enough ?). As long it's named.named, it really is very important. There are just too many things in bind, that went wrong in the past. My 2 cents. ------------------------------------- New things are always on the horizon. > -- > | Geek Code: GCS dpu s-:+ a-- C++++ UBLUAVHSC++++ P+++ L++ E--- W+++(--) N++ > | w--- O- M-- V-- PS PGP++ t--- X+(-) b D+ G e++(*) h++(*) r--- y- > | So shine on, harvest moon, | http://piglet.is.dreaming.org/ > | Cast your might on the ripening corn | [EMAIL PROTECTED] > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] >